/**
 *
 */
package com.legrand.security;

import com.legrand.security.extractor.TokenExtractor;
import com.legrand.security.filter.JwtTokenAuthenticationProcessingFilter;
import com.legrand.security.jwt.JwtAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
*@author xiah
*2018-07-10 06:01:07
*/
@Configuration
@ComponentScan()
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

       @Autowired
       private RestAuthenticationEntryPoint authenticationEntryPoint;
       @Autowired
       private AuthenticationFailureHandler failureHandler;
       @Autowired
       private JwtAuthenticationProvider jwtAuthenticationProvider;
       @Autowired
       private TokenExtractor tokenExtractor;
       @Autowired
       private AuthenticationManager authenticationManager;

       @Bean
       @Override
       public AuthenticationManager authenticationManagerBean() throws Exception {
              return super.authenticationManagerBean();
       }

       @Override
       protected void configure(AuthenticationManagerBuilder auth) {
              auth.authenticationProvider(jwtAuthenticationProvider);
       }

       @Override
       protected void configure(HttpSecurity http) throws Exception {
              http.csrf().disable()
                      .exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint).and()
                      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                      .authorizeRequests().antMatchers("/api/**/sec/**")
                      .authenticated().anyRequest().permitAll().and()
                      .addFilterAfter(buildJwtTokenAuthenticationProcessingFilter(),
                              UsernamePasswordAuthenticationFilter.class);
       }

       protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
              AntPathRequestMatcher matcher = new AntPathRequestMatcher("/api/**/sec/**");
              JwtTokenAuthenticationProcessingFilter filter = new JwtTokenAuthenticationProcessingFilter
                      (failureHandler, tokenExtractor, matcher);
              filter.setAuthenticationManager(this.authenticationManager);
              return filter;
       }
}
